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DETAILED ACTION 

1 . In response to amendment filed on 12 July 2007 and Examiner Initiated Interview on 

1 1 September 2007. Claims 6, 16, and 26 are canceled. Claims 1, 7, 1 1, 17, and 21 have been 
amended. Amendments to the claims are accepted. 

2. An examiner's amendment to the record is attached. Please enter entire claim set. Should 
the changes and/or additions be unacceptable to applicant, an amendment may be filed as 
provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. The examiner's amendment was authorized 
by attorney of record Rohan G. Sabapathypillai in phone interview on 21 August 2007 and 
confirming email sent on 30 August 2007. 

Response to Arguments 
3 Applicant's arguments filed 12 July 2007 have been fully considered and they are 
persuasive. 

Allowable Subject Matter 

4. Claims 1-5, 7-15, 17-25, and 27-30 are allowed. 

Conclusion 

5. Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance". 
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Any inquiry concerning this communication or earlier communications from the 



examiner should be directed to Ellen C Tran whose telephone number is 



(571) 272-3842. The examiner can normally be reached from 6:00 am to 4:00 pm. 



If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 



Kambiz Zand can be reached on (571) 272-381 1. The fax phone number for the organization 

where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Ellen. Tran 
Patent Examiner 
Technology Center 2134 
1 1 September 2007 



Application/Control Number: 09/895,057 Page 4 

Art Unit: 2134 

Examiner's Amendment 

This listing of the claims will replace all prior versions and listings of the claims in the 
application: 

Listing of Claims : 

1. (Currently amended) A method comprising: 

performing security authentication of a content driver by a content decryption component 
in order to verify an identity of the content driver as a secure content driver, wherein the content 
driver and the content decryption component are located within a kernel application space, 
wherein the kernel application space is modified for registering the secure content driver with the 
content decryption component in order for the secure content driver to receive security identity 
authentication, wherein the content decryption component is tamper-resistant; 

receiving an encrypted content stream from the secure content driver; 

performing integrity authentication of a run-time image of the secure content driver; and 

while integrity authentication of the secure content driver is verified, streaming decrypted 
content to the secure content driver to enable playback of the decrypted content to a user, 

wherein performing integrity authentication further comprises: 

decrypting the encrypted content stream received from the secure content driver; 
while decrypting the received encrypted content stream, performing a hash value 

calculation of code segments that perform functionality of the secure content driver while 

loaded in memory; 

selecting a stored digital signature of the run-time image of the secure content 

driver; 
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decrypting the digital signature to reveal a run-time hash value: 

comparing the computed hash value with the run-time hash value of the secure 
content driver; and 

while the calculated hash value matches the run-time hash value of the secure 
content driver, repeating the decryption, the performing, the selecting and the comparing 
until decryption of the received encrypted content stream is complete . 

2. . (Previously Presented) The method of claim 1, wherein performing security 
authentication further comprises: 

locating authorization information of the secure content driver; 
decrypting the authorization information received from the secure content driver; and 
authenticating an identity of the secure content driver based on the decrypted 
authorization information. 

3. (Original) The method of claim 2, wherein authenticating the identity further comprises: 
calculating a hash value of a static image of the secure content driver prior to loading the 

secure content driver into memory; 

selecting a stored digital signature of the static image; 

decrypting the stored digital signature to retrieve a pre-calculated hash value of the secure 
content driver; 

comparing the pre-calculated hash value with the calculated hash value; and 



Application/Control Number: 09/895,057 Page 6 

Art Unit: 2134 

when the calculated hash value matches the pre-calculated hash value of the secure 
content driver, notifying the secure content driver of successful security authentication. 

4. (Original) The method of claim 1, wherein performing security authentication further 
comprises: 

once security authentication of the content driver is established, determining a run-time at 
memory location of the secure content driver; and 

establishing a function entry point for receiving the stream of encrypted content from the 
secure content driver. 

5. (Original) The method of claim 1, further comprising: 

receiving a content decryption key in order to enable decryption of encrypted content 
streams received from the secure content driver; 

receiving a digital signature of a static image of the secure content driver; and 
receiving a digital signature of a run-time image of the secure content driver. 

6. (Cancelled). 

7. (Currently Amended) A method comprising: 

establishing security authentication from a content decryption component, such that a 
content driver is verified as a secure content driver, wherein the content driver and the content 
decryption component are located within a kernel application space, wherein the kernel 
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application space is modified for registering the secure content driver with the content decryption 
component in order for the secure content driver to receive security identity authentication, and 
wherein the content decryption component is tamper-resistant; 

when establishment of security authentication is successful, receiving access to a callback 
function in order to receive clear, decrypted content streams from the content decryption 
component; . 

receiving a stream of encrypted content; 

while establishing integrity authentication of a run-time image of the secure content 
driver, streaming the encrypted content to the content decryption component; and 

when security authentication is successfully established, receiving clear, decrypted 
content from the content decryption component via the received callback function^ 
wherein establishing integrity authentication further comprises: 

decrypting the encrypted content stream received from the secure content driver; 
while decrypting the received encrypted content stream, performing a hash value 
calculation of code segments that perform functionality of the secure content driver while 
loaded in memory; 

selecting a stored digital signature of the run-time image of the secure content 

driver; 

decrypting the digital signature to reveal a run-time hash value; 

comparing the computed hash value with the run-time hash value of the secure 
content driver; and 
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while the calculated hash value matches the run-time hash value of the secure 
content driver, repeating the decryption, the performing, the selecting and the comparing 
until decryption of the received encrypted content stream is. complete . 

8. (Original) The method of claim 7, wherein establishing security verification 
further comprises: 

receiving a request for authorization information from the content decryption component; 
transmitting the requested authorization information to the content decryption 
component; and 

when security authentication is successfully established, receiving notification of 
successful security authentication from the content decryption component, such that the content 
driver is established as the secure content driver. 

9. (Original) The method of claim 7, wherein establishing security authentication further 
comprises: 

once security authentication is established, providing content decryption component with 
a memory location wherein the secure content driver is loaded at run-time; and 

providing the content decryption component with a function entry point for receiving the 
stream of encrypted content. 



10. 



(Original) The method of claim 7, wherein receiving encrypted content further comprises: 
receiving encrypted content from a content source reader; and 
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receiving a direction from a content driver to stream the encrypted content to the content 
decryption component. 

1 1 . (Currently amended) A computer readable storage medium including program instruction 
that directs a computer to function in a specified manner when executed by a processor, the 
program instructions comprising: 

performing security authentication of a content driver by a content decryption component 
in order to verify an identity of the content driver as a secure content driver, wherein the content 
driver and the content decryption component are located within a kernel application space, 
wherein the kernel application space is modified for registering the secure content driver with the 
content decryption component in order for the secure content driver to receive security identity 
authentication, and wherein the content decryption component is tamper-resistant; 

receiving an encrypted content stream from the secure content driver; 

performing integrity authentication of a run-time image of the secure content driver; and 

while integrity authentication of the secure content driver is verified, streaming decrypted 
content to the secure content driver to enable playback of the decrypted content to a user A 

wherein performing integrity authentication further comprises: 

decrypting the encrypted content stream received from the secure content driver; 
while decrypting the received encrypted content stream, performing a hash value 

calculation of code segments that perform functionality of the secure content driver while 

loaded in memory; 
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selecting a stored digital signature of the run-time image of the secure content 

driver; 

decrypting the digital signature to reveal a run-time hash value; 
comparing the computed hash value with the run-time hash value of the secure 
content driver; and 

while the calculated hash value matches the run-time hash value of the secure 
content driver, repeating the decryption, the performing, the selecting and the comparing 
until decryption of the received encrypted content stream is complete , 

12. (Previously Presented). The computer readable storage medium of claim 11, wherein 
performing security authentication further comprises: 

locating authorization information of the secure content driver; 
decrypting the authorization information received from the secure content driver; and 
authenticating an identity of the secure content driver based on the decrypted 
authorization information. 

13. (Original) The computer readable storage medium of claim 12, wherein authenticating 
the identity further comprises: 

calculating a hash value of a static image of the secure content driver prior to loading the 
secure content driver into memory; 

selecting a stored digital signature of the static image; 
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decrypting the stored digital signature to retrieve a pre-calculated hash value of the secure 
content driver; 

comparing the pre-calculated hash value with the calculated hash value; and 
when the calculated hash value matches the pre-calculated hash value of the secure content 
driver, notifying the secure content driver of successful security authentication. 

14. (Original) The computer readable storage medium of claim 1 1 , wherein performing 
security authentication further comprises: 

once security authentication of the content driver is established, determining a run-time at 
memory location of the secure content driver; and 

establishing a function entry point for receiving the stream of encrypted content from the 
secure content driver. 

15. (Original) The computer readable storage medium of claim 11, further comprising: 
receiving a content decryption key in order to enable decryption of encrypted content 

streams received from the secure content driver; 

receiving a digital signature of a static image of the secure content driver; and 
receiving a digital signature of a run-time image of the secure content driver. 

16. (Cancelled). 



17. 



(Currently Amended) A computer readable storage medium including program 
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instruction that directs a computer to function in a specified manner when executed by a 
processor, the program instructions comprising: 

establishing security authentication from a content decryption component, such that a 
content driver is verified as a secure content driver, wherein the content driver and the content 
decryption component are located within a kernel application space, wherein the kernel 
application space is modified for registering the secure content driver with the content decryption 
component in order for the secure content driver to receive security identity authentication, and 
wherein the content decryption component is tamper-resistant; 

when establishment of security authentication is successful, receiving access to a callback 
function in order to receive clear, decrypted content streams from the content decryption 
component; 

receiving a stream of encrypted content; 

while establishing integrity authentication of a run-time image of the secure content 
driver, streaming the encrypted content to the content decryption component; and 

when security authentication is successfully established, receiving clear, decrypted 
content from the content decryption component via the received callback function 
wherein establishing integrity authentication further comprises: 

decrypting the encrypted content stream received from the secure content driver; 
while decrypting the received encrypted content stream, performing a hash value 
calculation of code segments that perform functionality of the secure content driver while 
loaded in memory; 
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selecting a stored digital signature of the run-time image of the secure content 

driver; 

decrypting the digital signature to reveal a run-time hash value; 

comparing the computed hash value with the run-time hash value of the secure 
content driver; and 

while the calculated hash value matches the run-time hash value of the secure 
content driver, repeating the decryption, the performing, the selecting and the comparing 
until decryption of the received encrypted content stream is complete , 

18. (Original) The computer readable storage medium of claim 17, wherein 
establishing security verification further comprises: 

receiving a request for authorization information from the content decryption component; 
transmitting the requested authorization information to the content decryption 
component; and 

when security authentication is successfully established, receiving notification of 
successful security authentication from the content decryption component, such that the content 
driver is established as the secure content driver. 

19. (Original) The computer readable storage medium of claim 17, wherein establishing 
security authentication further comprises: 

once security authentication is established, providing content decryption component with 
a memory location wherein the secure content driver is loaded at run-time; and 
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providing the content decryption component with a function entry point for receiving the 
stream of encrypted content. 

20. (Original) The computer readable storage medium of claim 17, wherein receiving 
encrypted content further comprises: 

receiving encrypted content from a content source reader; and 

receiving a direction from a content driver to stream the encrypted content to the content 
decryption component. 

21. (Currently Amended) An apparatus, comprising: 

a processor having circuitry to execute instructions; 

a content play-back interface coupled to the processor, the content play-back interface to 
receive encrypted content, and to enable play-back of the received encrypted content to a user; 
and 

a storage device coupled to the processor, having sequences of instructions stored therein, 
which when executed by the processor cause the processor to: 

perform security authentication of a content driver by a content decryption 
component in order to verify an identity of the content driver as a secure content driver, 
wherein the content driver and the content decryption component are located within a 
kernel application space, wherein the kernel application space is modified for registering 
the secure content driver with the content decryption component in order for the secure 
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content driver to receive security identity authentication, and wherein the content 

decryption component is tamper-resistant, 

receive an encrypted content stream from the secure content driver, 

perform integrity authentication of a run-time image of the secure content driver, 

and 

while integrity authentication of the secure content driver is verified, stream decrypted 
content to the secure content driver to enable playback of the decrypted content to a user^ 

wherein the instruction to perform integrity authentication further comprises the 
processor to: 

decrypt the encrypted content stream received from the secure content 

driver, 

while decrypting the received encrypted content stream, perform a hash 
value calculation of code segments that perform functionality of the secure 
content driver while loaded in memory, 

select a stored digital signature of the run-time image of the secure content 

driver, 

decrypt the digital signature to reveal a run-time hash value, 
compare the computed hash value with the run-time hash value of the 

secure content driver, and 

while the calculated hash value matches the run-time hash value of the 

secure content driver, repeat the decryption, the performing, the selecting and the 
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comparing until decryption of the received encrypted content stream is complete . 

22. (Previously Presented) The apparatus of claim 21 , wherein the instruction to perform 
security authentication further comprises the processor to: 

locate authorization information of the secure content driver, 
decrypt the authorization information received from the secure content driver, and 
authenticate an identity of the secure content driver based on the decrypted authorization 
information. 

23. (Original) The apparatus of claim 22, wherein the instruction to perform security 
authentication further comprises the processor to: 

calculate a hash value of a static image of the secure content driver prior to loading the 
secure content driver into memory, 

select a stored digital signature of the static image, 

decrypt the digital signature to retrieve a pre-calculated hash value of the secure content 

driver, 

compare the pre-calculated hash value with the calculated hash value, and 
when the calculated hash value matches the pre-calculated hash value of the secure 
content driver, notify the secure content driver of successful security authentication. 

24. (Original) The apparatus of claim 21, wherein the instruction to perform security 
authentication further comprises the processor to: 
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once security authentication of the content driver is established, determine a run-time at 
memory location of the secure content driver, and 

establish a function entry point for receiving the stream of encrypted content from the 
secure content driver. 

25. (Original) The apparatus of claim 21, wherein the processor is further caused to: 
receive a content decryption key in order to enable decryption of encrypted content 

streams received from the secure content driver, 

receive a digital signature of a static image of the secure content driver, and 
receive a digital signature of a run-time image of the secure content driver. 

26. (Cancelled) 

27. (Original) The apparatus of claim 21, wherein the processor is further caused to: 
establish security authentication from a content decryption component, such that a 

content driver is verified as a secure content driver, 

when establishment of security authentication is successful, receive access to a callback 
function in order to receive clear, decrypted content streams from the content decryption 
component, 

receive a stream of encrypted content, 

stream the encrypted content to the content decryption component, and 
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when security authentication is successfully established, receive clear, decrypted content 
from the content decryption component via the received callback function. 

28. (Original) The apparatus of claim 21, wherein the instruction to establish security 
verification further comprises the processor to: 

receive a request for authorization information from the content decryption component, 
transmit the requested authorization information to the content decryption component, 

and 

when security authentication is successfully established, receive notification of successful 
security authentication from the content decryption component, such that the content driver is 
established as the secure content driver. 

29. (Original) The apparatus of claim 21, wherein the instruction to establish security 
authentication further comprises the processor to: 

once security authentication is established, 

provide content decryption component with a memory location wherein the secure 
content driver is loaded at run-time, and 

provide the content decryption component with a function entry point for receiving the 
stream of encrypted content. 

30. (Original) The apparatus of claim 21, wherein the instruction to receive encrypted content 
further comprises the processor to: 
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receive encrypted content from a content source reader, and 

receive a direction from a content driver to stream the encrypted content to the content 
decryption component. 
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